lmms
Lv2 MDA Piano causes an invalid write
Bug Summary
Lv2 MDA Piano causes an invalid write when notes are edited while played.
Steps to reproduce
Use Lv2 MDA Piano. Edit notes (volume) while playing them (start and stop a few times). Possibly it's not even required to edit notes.
Expected behavior
No invalid write.
Actual behavior
Invalid write.
Affected LMMS versions
Any.
Logs
Using vgdb (http://log.fundamental-code.com/2012/01/30/vgdb-uniting-valgrind-and-gdb.html), valgrind notices the first invalid write inside mdaPiano, where it writes directly behind the output buffer.
$ cat -n src/mdaPiano.cpp | grep -C 5 381
376 }
377 comb[cpos] = l + r;
378 ++cpos &= cmax;
379 x = cdep * comb[cpos]; //stereo simulator
380
381 *out0++ = l + x;
382 *out1++ = r - x;
383 }
384
385 if(!end)
386 {
valgrind:
==811656== Thread 10 Mixer::fifoWrite:
==811656== Invalid write of size 4
==811656== at 0x1389C637: mdaPiano::processReplacing(float**, float**, int) (mdaPiano.cpp:381)
==811656== by 0x1389DDF2: lvz_run (wrapper.cpp:166)
==811656== by 0x3D7100: lilv_instance_run (lilv.h:1948)
==811656== by 0x3D848E: Lv2Proc::run(short) (Lv2Proc.cpp:333)
==811656== by 0x3CE9CC: Lv2ControlBase::run(short) (Lv2ControlBase.cpp:148)
==811656== by 0x20B7C230: Lv2Instrument::play(std::array*) (Lv2Instrument.cpp:165)
==811656== by 0x35F2CA: InstrumentPlayHandle::play(std::array *) (InstrumentPlayHandle.h:65)
==811656== by 0x38BFD2: PlayHandle::doProcessing() (PlayHandle.cpp:58)
==811656== by 0x35F0B0: ThreadableJob::process() (ThreadableJob.h:74)
==811656== by 0x37D53C: MixerWorkerThread::JobQueue::run() (MixerWorkerThread.cpp:84)
==811656== by 0x37D7A8: MixerWorkerThread::startAndWaitForJobs() (MixerWorkerThread.cpp:157)
==811656== by 0x376266: Mixer::renderNextBuffer() (Mixer.cpp:389)
==811656== Address 0x18299790 is 0 bytes after a block of size 1,024 alloc'd
==811656== at 0x483ADEF: operator new(unsigned long) (vg_replace_malloc.c:342)
==811656== by 0x3B8B5D: __gnu_cxx::new_allocator ::allocate(unsigned long, void const*) (new_allocator.h:115)
==811656== by 0x3B8AB1: std::allocator_traits<:allocator> >::allocate(std::allocator &, unsigned long) (alloc_traits.h:460)
==811656== by 0x3B89FF: std::_Vector_base >::_M_allocate(unsigned long) (stl_vector.h:346)
==811656== by 0x3B8906: std::_Vector_base >::_M_create_storage(unsigned long) (stl_vector.h:361)
==811656== by 0x3B8722: std::_Vector_base >::_Vector_base(unsigned long, std::allocator const&) (stl_vector.h:305)
==811656== by 0x3B8592: std::vector >::vector(unsigned long, std::allocator const&) (stl_vector.h:511)
==811656== by 0x3D558B: Lv2Ports::Audio::Audio(unsigned long, bool) (Lv2Ports.cpp:305)
==811656== by 0x3D943D: Lv2Proc::createPort(unsigned long) (Lv2Proc.cpp:585)
==811656== by 0x3D9D16: Lv2Proc::createPorts() (Lv2Proc.cpp:723)
==811656== by 0x3D8829: Lv2Proc::initPlugin() (Lv2Proc.cpp:393)
==811656== by 0x3D7A0D: Lv2Proc::Lv2Proc(LilvPluginImpl const*, Model*) (Lv2Proc.cpp:164)
gdb says:
(gdb) bt
#0 mdaPiano::processReplacing(float**, float**, int) (this=0x18635c20, inputs=0x0, outputs=0xba82810, sampleFrames=256) at ../src/mdaPiano.cpp:381
#1 0x000000001389ddf3 in lvz_run(LV2_Handle, uint32_t) (instance=0x12d5d1c0, sample_count=256) at ../lvz/wrapper.cpp:166
#2 0x00000000003d7101 in lilv_instance_run(LilvInstance*, uint32_t) (instance=0x17a56f90, sample_count=256) at /usr/include/lilv-0/lilv/lilv.h:1948
#3 0x00000000003d848f in Lv2Proc::run(short) (this=0x97dacf0, frames=256) at /home/johannes/cprogs/lmms/master/src/core/lv2/Lv2Proc.cpp:333
#4 0x00000000003ce9cd in Lv2ControlBase::run(short) (this=0x218300e8, frames=256) at /home/johannes/cprogs/lmms/master/src/core/lv2/Lv2ControlBase.cpp:148
#5 0x0000000020b7c231 in Lv2Instrument::play(std::array*) (this=0x21830080, buf=0x21850080) at /home/johannes/cprogs/lmms/master/plugins/Lv2Instrument/Lv2Instru
#6 0x000000000035f2cb in InstrumentPlayHandle::play(std::array *) (this=0x16b166c0, _working_buffer=0x21850080) at /home/johannes/cprogs/lmms/master/include/Inst
#7 0x000000000038bfd3 in PlayHandle::doProcessing() (this=0x16b166c0) at /home/johannes/cprogs/lmms/master/src/core/PlayHandle.cpp:58
#8 0x000000000035f0b1 in ThreadableJob::process() (this=0x16b166c0) at /home/johannes/cprogs/lmms/master/include/ThreadableJob.h:74
#9 0x000000000037d53d in MixerWorkerThread::JobQueue::run() (this=0x707180 <:globaljobqueue>) at /home/johannes/cprogs/lmms/master/src/core/MixerWorkerThr
#10 0x000000000037d7a9 in MixerWorkerThread::startAndWaitForJobs() () at /home/johannes/cprogs/lmms/master/src/core/MixerWorkerThread.cpp:157
#11 0x0000000000376267 in Mixer::renderNextBuffer() (this=0xb8225d0) at /home/johannes/cprogs/lmms/master/src/core/Mixer.cpp:389
#12 0x0000000000378d4f in Mixer::fifoWriter::run() (this=0x97e0bc0) at /home/johannes/cprogs/lmms/master/src/core/Mixer.cpp:1263
#13 0x0000000005f2df0f in () at /usr/lib/libQt5Core.so.5
#14 0x00000000048963e9 in start_thread () at /usr/lib/libpthread.so.0
#15 0x00000000066ac293 in clone () at /usr/lib/libc.so.6
(gdb) info args
this = 0x18635c20
inputs = 0x0
outputs = 0xba82810
sampleFrames = 256
(gdb) info locals
V = 0x18636054
end = true
out0 = 0x18299794
out1 = 0x18299bd0
frame = 256
frames = 101
v = 13
x = -0.0248893611
l = -0.204520881
r = -0.186344534
i = -9666
ev = 0x100b1c6c
FYI @MessyBookshelf @PhysSong
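A host-side way to catch the overrun valgrind reports above (a write directly behind a 1,024-byte, 256-frame port buffer) without running under valgrind, as an added example that is not LMMS or mda-lv2 code. `GuardedAudioBuffer`, `renderBlock` and `checkBlock` are hypothetical names, and `renderBlock` is a constructed stand-in for the plugin's write loop, not its actual logic.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical host-side helper (not LMMS code): an audio port buffer with
// canary frames placed directly behind the frames a plugin may write.
constexpr std::size_t kGuardFrames = 8;
constexpr std::uint32_t kCanary = 0x7fc0dead; // NaN bit pattern, never valid audio

class GuardedAudioBuffer {
    std::size_t m_frames;
    std::vector<float> m_data;
public:
    explicit GuardedAudioBuffer(std::size_t frames)
        : m_frames(frames), m_data(frames + kGuardFrames, 0.0f) { arm(); }
    float* data() { return m_data.data(); }
    void arm() { // re-write the canaries; call before each run()
        for (std::size_t i = 0; i < kGuardFrames; ++i)
            std::memcpy(&m_data[m_frames + i], &kCanary, sizeof kCanary);
    }
    // Frames written behind the buffer, up to the last damaged canary.
    std::size_t overrunFrames() const {
        std::size_t n = 0;
        for (std::size_t i = 0; i < kGuardFrames; ++i)
            if (std::memcmp(&m_data[m_frames + i], &kCanary, sizeof kCanary) != 0)
                n = i + 1;
        return n;
    }
};

// Constructed stand-in for the write loop at mdaPiano.cpp:381-382; `extra`
// models a loop that runs that many frames past sampleFrames (<= kGuardFrames).
void renderBlock(float* out0, float* out1, int sampleFrames, int extra) {
    for (int frame = 0; frame < sampleFrames + extra; ++frame) {
        *out0++ = 0.25f;
        *out1++ = -0.25f;
    }
}

// Render one 256-frame block (the size in the logs) and report the overrun.
std::size_t checkBlock(int extra) {
    GuardedAudioBuffer left(256), right(256);
    renderBlock(left.data(), right.data(), 256, extra);
    return left.overrunFrames();
}

int main() { std::printf("%zu %zu\n", checkBlock(0), checkBlock(1)); }
```

In a host, `arm()` goes before each `run()` call and `overrunFrames()` after it. The guard only catches writes that land within `kGuardFrames` of the buffer end.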
More uninitialized variables in mda-lv2?
What do you mean @zonkmachine ?
My bad. I was referring to the issue in mda JX10 and DX10. DX10 valgrind logs here. I failed to recognize that those earlier logs specifically mention that there are uninitialized values in there and your log above doesn't.
PS. The logs above are from mdaPiano and not mdaEPiano which is specified in the bug summary. Does mdaPiano use the mdaEPiano module?
@zonkmachine indeed, the logs say it's the normal Piano, and that's also what @MessyBookshelf reported on Discord. Fixed the typos.
I can't tell if it's really a different error, but the replication is different. This error here only seems to occur when you edit notes while playing.
Got this one. I was manually adding notes when looping MDAPiano.
Logs
Program terminated with signal SIGSEGV, Segmentation fault.
--Type <RET> for more, q to quit, c to continue without paging--
#0 0x000055c3e32f83c0 in Lv2Ports::Audio::copyBuffersToCore(std::array *, unsigned int, short) const ()
[Current thread is 1 (Thread 0x7fb1e2ffe640 (LWP 42525))]
(gdb) bt full
#0 0x000055c3e32f83c0 in Lv2Ports::Audio::copyBuffersToCore(std::array *, unsigned int, short) const ()
#1 0x000055c3e32f7034 in Lv2ControlBase::copyBuffersToLmms(std::array *, short) const ()
#2 0x00007fb1e1f0f200 in Lv2Instrument::play(std::array *) () at /home/zonkmachine/builds/lmms/build/plugins/liblv2instrument.so
#3 0x000055c3e327d43f in InstrumentPlayHandle::play(std::array *) ()
#4 0x000055c3e329b73a in MixerWorkerThread::JobQueue::run() ()
#5 0x000055c3e329b983 in MixerWorkerThread::startAndWaitForJobs() ()
#6 0x000055c3e329908e in Mixer::renderNextBuffer() ()
#7 0x000055c3e3299474 in Mixer::fifoWriter::run() ()
#8 0x00007fb22bac5341 in () at /lib/x86_64-linux-gnu/libQt5Core.so.5
#9 0x00007fb22d7b1450 in start_thread (arg=0x7fb1e2ffe640) at pthread_create.c:473
ret =
pd = 0x7fb1e2ffe640
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140401994360384, -1198081402697173486, 140735527269582, 140735527269583, 0, 140401994360384, 1169892124703569426, 1169763523000776210}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 0
#10 0x00007fb22b6dfd53 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Crash when tweaking volume in Piano Roll and on a debug build.
Logs
Thread 22 "Mixer::fifoWrit" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff9dd8a640 (LWP 52109)]
0x0000555555856363 in Lv2Ports::Audio::copyBuffersToCore (this=0x5555593e0cc0, lmmsBuf=0x7ffff26e3080, channel=1, frames=256)
at /home/zonkmachine/builds/lmms/src/core/lv2/Lv2Ports.cpp:341
341 lmmsBuf[f][channel] = m_buffer[f];
(gdb) bt full
#0 0x0000555555856363 in Lv2Ports::Audio::copyBuffersToCore(std::array*, unsigned int, short) const
(this=0x5555593e0cc0, lmmsBuf=0x7ffff26e3080, channel=1, frames=256) at /home/zonkmachine/builds/lmms/src/core/lv2/Lv2Ports.cpp:341
f = 0
#1 0x000055555585925d in Lv2Proc::copyBuffersToCore(std::array*, unsigned int, unsigned int, short) const (this=
0x55555971fb90, buf=0x7ffff26e3080, firstChan=0, num=2, frames=256) at /home/zonkmachine/builds/lmms/src/core/lv2/Lv2Proc.cpp:322
ap = 0x5555593e0cc0
#2 0x000055555584ee69 in Lv2ControlBase::copyBuffersToLmms(std::array*, short) const (this=
0x7ffff27e00e8, buf=0x7ffff26e3080, frames=256) at /home/zonkmachine/builds/lmms/src/core/lv2/Lv2ControlBase.cpp:139
c = std::unique_ptr = {get() = 0x55555971fb90}
__for_range = std::vector of length 1, capacity 1 = {std::unique_ptr = {get() = 0x55555971fb90}}
__for_begin = std::unique_ptr = {get() = 0x55555971fb90}
__for_end = std::unique_ptr = {get() = 0x7ffff5fd8c00 }
firstChan = 0
#3 0x00007fff9c660f38 in Lv2Instrument::play(std::array*) (this=0x7ffff27e0080, buf=0x7ffff26e3080)
at /home/zonkmachine/builds/lmms/plugins/Lv2Instrument/Lv2Instrument.cpp:168
fpp = 256
#4 0x00005555557d321d in InstrumentPlayHandle::play(std::array*) (this=0x5555593e2810, _working_buffer=0x7ffff26e3080)
at /home/zonkmachine/builds/lmms/include/InstrumentPlayHandle.h:65
nphv =
{> = {}, {p = {static shared_null = {ref = {atomic = {_q_value = {<:__atomic_base>> = {static _S_alignment = 4, _M_i = -1}, }}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x7fff70007ef0}, d = 0x7fff70007ef0}}
nphsLeft = false
#5 0x000055555580378d in PlayHandle::doProcessing() (this=0x5555593e2810) at /home/zonkmachine/builds/lmms/src/core/PlayHandle.cpp:58
#6 0x00005555557d2feb in ThreadableJob::process() (this=0x5555593e2810) at /home/zonkmachine/builds/lmms/include/ThreadableJob.h:74
expected = ThreadableJob::ProcessingState::Queued
#7 0x00005555557f1c81 in MixerWorkerThread::JobQueue::run() (this=0x555555bade80 <:globaljobqueue>)
at /home/zonkmachine/builds/lmms/src/core/MixerWorkerThread.cpp:84
job = 0x5555593e2810
i = 0
processedJob = false
#8 0x00005555557f1f0d in MixerWorkerThread::startAndWaitForJobs() () at /home/zonkmachine/builds/lmms/src/core/MixerWorkerThread.cpp:157